Home Featured work Just for fun Articles Artwork About me

Education Sector Logon

2024 Multi-factor Authentication

Overview

Education Sector Logon (ESL) is an identity management and authentication application that allows education providers and teachers to securely access a range of education sector applications. ESL is used across schools, early learning centres, and education agencies, by people with a wide range of digital experience and technical ability.

As part of a security uplift, ESL needed to enable Multi-Factor Authentication (MFA) for all users. While MFA improves security, the out-of-the-box Microsoft MFA interface posed a usability challenge: it was generic, technical, and unbranded, creating a disconnect and confusion for many users.

My role in this implementation was to design and user-test multi-factor authentication as part of the login flow.

Tools: Figma/Figjam, Microsoft Teams

The Challenge

  • Low digital literacy: most users weren’t familiar with MFA, and some hadn’t encountered security features like authenticator apps before.
  • Poor default experience: the out-of-the-box Microsoft MFA interface was too technical and inconsistent with ESL's visual language.
  • High support risk: a bad experience could overwhelm service desk during rollout.
  • Complex phased release: the MFA experience had to work well during multiple rollout phases, while being iteratively improved based on real feedback.

Visual Design

The first step was visual trust. If users didn't recognize the environment, they may abandon the set-up. 

  • Created a custom, branded ESL MFA screen that aligned closely with the ESL interface, using familiar colors, typography, and layout structure.
  • Minimized visual clutter: removed unnecessary elements from Microsoft’s UI, added ESL-specific headers and instructions.
  • Design fidelity: started with low-fidelity wireframes to validate flow, then iterated to high-fidelity UI mockups that matched production environment

    Content and Copy

    We knew content would make or break the experience, especially for users unfamiliar with technical concepts.

    • Plain language first: technical MFA terminology was rewritten into everyday language.
    • Tone of voice: supportive, reassuring, and instructional, not alarming or overly corporate.
    • Progression: steps were broken into small chunks to avoid overwhelming users.
    • Adaptive guidance: content that varied slightly based on whether users were going the QR code route or alternative method to setup MFA.

      User Testing

      User tests were conducted with about 10 ESL users. Feedback was gathered for the setup page, as well as the user flows for a returning user, set up cancellation, logging in to different ESL applications after succesfully completing MFA, and removing MFA on behalf of someone as an admin.

          Full user flows to be tested for MFA setup & authenticating as a returning user

          User test plan

          Prior to the user tests, a user test plan was written up to define objectives and to provide a guide to follow when conducting user test sessions. 

          Assumptions

          Script

          User testing sessions

          I conducted 1:1 online user test sessions with internal ESL users with the help of a note-taker. We set up a note-taking space on FigJam to record feedback and outcomes from each user test. All sessions were done virtually to allow for recording and transcriptions for future reference.

          In the sessions we

          • Observed behavior and confusion points: what took too long? What did they skip or misread? Where did they hesitate?
          • Captured quotes and reactions: some were hesitant at first, but felt more comfortable once they started reading the instructions.

          Findings

          From the user tests, all the insights that we collected amounted to a lot of data, some of which were repeated feedback. The AI summarize tool in FigJam was used to collate these findings and provide a more succinct summary of usability issues. This was a time saver as it mitigated the manual work of reading through and organizing each piece of feedback.

          Actionable insights from the summary was to be taken to improve MFA in the next delivery phase

          Personas

          From the user tests, I derived 3 user personas to support our findings. With these personas we were able to match pain points to different tech-competency levels of novice, intermediate, and proficient. Because a large majority of ESL users are not tech-savvy and may have no prior experience with multi-factor authentication, we had to accommodate for the lowest tech-competency level.

          Thanks to —

          UX Lead: Ramya Ravishankar

          Note takers: Ramya Ravishankar, Olivia Waite, Tom Outram

          Back to Featured work